Legal counsel to guide you through the ever-changing world of data privacy and security.
Capehart Scatchard’s Privacy and Security practice group advises and assists businesses in meeting the challenges of the complex and fast changing legal environment surrounding the interconnection of personal data, technology and human behavior. With over 20 years of expertise in addressing the intricacies of HIPAA privacy, security and data breach compliance, and analyzing and helping businesses comply with a multitude of other state, federal and international laws affecting the privacy and security of confidential information, our attorneys approach each client with an understanding of the business and workforce challenges that accompany every privacy and security issue.
We are experienced in drafting and fine-tuning policies and procedures, reviewing and resolving patient and customer complaints, negotiating business associate and vendor agreements, analyzing business operations for regulatory compliance, and responding to government audits and investigations. We collaborate with information technology experts to conduct security risk assessments and help healthcare providers and all types of businesses understand and address their privacy, security and cyber risks and prepare for the inevitable security incidents and data breaches. We work closely with attorneys in our Healthcare, Employment, Business, and Litigation practice groups to address our clients’ needs from a comprehensive perspective.
How We Can Help
Legal Services
The Privacy & Security Practice provides assistance in the following areas:
- Conduct HIPAA privacy audits and coordinate security risk assessments
- Counsel HIPAA Covered Entities and Business Associates in maintaining compliant arrangements
- Conduct training for client personnel on privacy and security
- Draft and review HIPAA policies, procedures and forms
- Draft and review employee manual provisions for compliance with privacy and security laws
- Business Associate Contract preparation and review
- Vendor Agreements and Confidentiality Agreements
- Advise on multiple State Identity Theft, Red Flag, and Data Breach Notification Laws
- Counsel & advise on federal (FTC, IRS) and international (GDPR) privacy and security laws
- Advise providers and vendors regarding telehealth and telemedicine requirements
- Review of cyber risk and data breach insurance policies
- Advise on privacy and security in website and online advertising (COPPA)
- Data breach and disaster preparedness and response
- Data and record retention
- Payment card (PCI-DSS) security
- Education privacy (FERPA)
- Computer criminal activity laws
Schedule an Appointment
Contact Us
Do you have a Privacy or Security issue?
Please contact us for a consultation.
Delivering Results
Practice Highlights
Our clients include solo and large medical practices, licensed entities, mobile app developers, telehealth providers, vendor companies, financial services providers, and companies in retail, hospitality, real estate and other industries with unique privacy and security issues. A sampling of some of our privacy and security matters includes:
- Counsel HIPAA Covered Entities in developing and implementing individualized HIPAA privacy, security and data breach policies and procedures
- Collaboration on Security Risk Assessment for health care providers, professional employer organizations, translation and interpretation providers, cloud EMR provider
- Prepare protective orders for HIPAA compliance in legal proceedings
- Review telemedicine delivery platforms and telemedicine services agreements
- Analyze and prepare policies for compliance with HIPAA and licensing board security requirements related to use of electronic medical records
- Train client staff on HIPAA and related requirements for protecting personal information
- Analyze and advise covered entities on security incidents and determining data breach requirements related to mitigation, notification and reporting to governmental entities
- Analyze privacy and security compliance for due diligence in mergers and acquisitions
- Counsel clients on privacy and security provisions in purchase and sale transaction for post-closing HIPAA compliance
- Negotiate agreements for both Covered Entities and Business Associates under HIPAA and state law requirements
- Advise licensed behavioral health entities on state licensing and federal privacy requirements, including substance abuse treatment records
- Advise medical marijuana providers in maintaining patient privacy in conflicting law enforcement environment
- Representation of medical practices in responding to OCR and patient complaints alleging HIPAA violations
- Review and counsel clients on cyber risk insurance
- Advise clients and work with design consultants on addressing physical facility privacy and security risks
- Audit client websites for compliance with privacy, security and license requirements
- Advise on computer theft and landlord-tenant liability in privacy and security violations